---
title: Nikto
course: intro_pentest
section: "Web-Based Exploitation"
layout: lesson
---

After running a port scan and discovering a service running on port 80 or port
443, one of the first tools that should be used to evaluate the service is
Nikto. Nikto is a web server vulnerability scanner. This tools was written by
Chris Sullo and David Lodge. Nikto automates the process of scanning web servers
or out-of-date and unpatched software as well as searching for dangerous files
that may reside on web servers. Nikto is capable of identifying a wide range of
specific issues and also checks the server for configuration issues. Nikto is
built into BlackArch, if you are not using BlackArch, Nikto can be obtained by
downloading it from the [Nikto website](www.cirt.net/Nikto2). Please note that
you’ll need Perl installed to run Nikto.

To view the various options available, you can run the following command:

```
nikto
```

Running this command will provide you with a brief description of the parameters
available to you. To run a basic vulnerability scan against a target, you need
to specify a host IP address with the "`-h`" switch. You should also specify a
port number with the "`-p`" parameter. You can instruct Nikto to scan multiple
ports by specifying a port range. For example, to scan for web servers on al
ports between 1 and 1000, you’d issue the following command in a terminal
window:

```
nikto -h example.com -p 1-1000
```

If you don’t specify a port number, Nikto will only scan port 80 on your target.
If you want to save the Nikto output for later review, you can do so by issuing
the "`-o`" followed by the file path and name of the file you’d like to use to
save the output.
